Texthelp Ltd

ReachDeck

ReachDeck is an all-in-one digital inclusion solution. It includes an accessibility compliance checker, a readability editor, and a web accessibility toolbar (previously known as Browsealoud). Its features help organisations improve the accessibility, readability and reach of online content. Its tools support organisations to build trust, remove barriers and maximise engagement.

Features

• Auditor identifies accessibility errors across any website quickly and easily
• Editor highlights readability problems at the time of writing
• Toolbar adds text-to-speech, reading and translation support to any website

Benefits

• Helps organisations make online content accessible and usable to everyone
• Helps to improve compliance with the Web Content Accessibility Guidelines
• Supports the creation of content that’s easy to understand
• Helps a wider audience browse, buy and access online content/services
• Supports fast-paced teams to manage quality assurance more efficiently

£3,295 to £50,769 a licence

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at p.fox@texthelp.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

815305839514473

Contact

Paul Fox
02894428105
p.fox@texthelp.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: No
• System requirements:
  • ReachDeck Toolbar- JavaScript Code must be added to Website CRM
  • ReachDeck Toolbar- User must be using latest version of browser
  • ReachDeck Auditor- Website must be Public Facing
  • ReachDeck Editor- User must be using latest version of browser
  • ReachDeck Portal- Microsoft or Google Hosted Email Required

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: With 24 Hours/ Next Working Day
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: As an assistive technology company we ensure all of our products and services reach a high standard of accessibility. Our third party service Intercom complies to WCAG 2.0 AA. Please see attached statement https://www.intercom.com/help/en/articles/2530813-is-the-intercom-messenger-accessible
• Onsite support: No
• Support levels: Full support is included as part of our SaaS Licence Model. Each customer has a dedicated Account Manager. We also have a support team available via telephone or email during business hours.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We have a range of resource material available through documentation and video walk throughs. Each customer also has a dedicated Account Manager to help them with onboarding
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats: Video
• End-of-contract data extraction: We have a data retention policy and a customer can contact us via dedicated email address to have their data removed at any time
• End-of-contract process: Full service and support is included in the price. There will be an extra cost for any additional URL's added to the contract

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: ReachDeck Toolbar offers a streamlined service on mobile devices due to the native features already available on mobile devices
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: We offer a web based portal where users can configure the ReachDeck Toolbar and access the results of any ReachDeck Auditor Services including scans and reports
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: As an assistive technology company we design and build all of our products in partnership with our customers who are primarily assistive technology users
• API: No
• Customisation available: Yes
• Description of customisation: Yes. Features on the ReachDeck toolbar can be added or removed at the customers discretion. The toolbar and launchpad also offers customised integration. This can be customised via the ReachDeck Portal and managed by the end users

Scaling

• Independence of resources: We have the infrastructure in place to ensure 100% uptime regardless of demand on our servers

Analytics

• Service usage metrics: Yes
• Metrics types: On request, we can provide usage analytics for the ReachDeck Toolbar
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: We do not collect or retain any user data
• Data export formats: Other
• Data import formats: Other

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: We guarantee 99.9% uptime. If a situation arose where our services were unavailable customer refunds would be dealt with on a case by case basis
• Approach to resilience: Information is available on request
• Outage reporting: Monitors and scheduled automated tests running twice per day. Automatic notifications are sent by both monitors and automated tests if results are not as expected.

Identity and authentication

• User authentication needed: Yes
• User authentication: Other
• Other user authentication: No passwords are sent to Customer employees. A Google, Microsoft or LinkedIn account is required to log into the Texthelp products. All passwords are now handled by those providers.
• Access restrictions in management interfaces and support channels: There are no hierarchy restrictions to access our software
• Access restriction testing frequency: At least once a year
• Management access authentication: 2-factor authentication

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Bsi
• ISO/IEC 27001 accreditation date: 09/08/2021
• What the ISO/IEC 27001 doesn’t cover: The Information Security Management System in relation to the marketing, sales, design, development, support and supply of educational software. This is accordance with the Statement of Applicability version 1.3
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: ISO 9001:2015

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: ISMS 1.2 Data Security Policy; ISMS 1.3 Product Analytics Policy; ISMS 1.4 Access Request Policy/Procedure; ISMS 1.5 Responsibilities/Authorisations Register; ISMS 1.6 Audit Logging Policy; ISMS 1.7 Backup & Data Retention Policy; ISMS 1.8 Encryption Policy; ISMS 1.9 Logical Access Policy; ISMS 1.11 Network Security Policy; ISMS 1.12 New Product/Service Security Review Policy; ISMS 1.13 Record Retention Policy; ISMS 1.14 Security Patching Policy; ISMS 1.15 Infrastructure Hardening Policy; ISMS 1.16 Vulnerability Management Policy; ISMS 1.19 Security Incident Reporting Policy; ISMS 1.20 Acceptable Use, Mobile & Teleworking Policy; ISMS 1.21 Information Classification & Labelling Policy; ISMS 1.22 Password Policy; ISMS 1.23 Statement of Applicability; ISMS 1.24 Risk Treatment Plan; ISMS 1.25 Asset owner Policy; ISMS 1.26 Secure Development Policy; TH 100 Business Continuity Plan; TH 110.1 Disaster Recovery Policy

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: The company has a change control policy requiring managers to ensure that any changes that may affect the quality or security systems are properly investigated prior to making the changes. The managers themselves authorise the changes. The change control process is audited in line with the ongoing audit programme
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: All software is routinely scanned using the Whitesource vulnerability scanner during the development and QA process.; ; The company has a Secure Development Policy that describes required methods of version control, secure coding standards, how test data is handled, third party components etc.; ; The company does follow and test for the OWASP Top Ten online vulnerabilities. Members of the QA team are tasked with ensuring online test suites are current with this list at all times
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Texthelp has an internal audit programme for both its ISO 27001 and ISO 9001 standard implementations. The audits run throughout the year and results from these will drive improvement to the company’s security posture and processes. In addition external auditing of the company’s processes is performed by BSI each twice annually in our UK office and annually in our US and Australian office.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Whoever discovers the incident should notify the Data Security staff, CTO, CDO & DPO.; ; A list of customers and users that are notified about the incident is created; Data Entity that is compromised should be identified.; Texthelp Products that use this Data Entity identified, and each product that has been impacted:; List of customers, Technical Contacts and data security created and added to the Notification List.; ; Notification List made aware of:; Nature and extent of the incident; If personal data was accessed; Steps Texthelp have taken to mitigate the impact and prevent recurrence; Downtime/Security Event should be logged; Response plan

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Covid-19 recovery:

  Covid-19 recovery

  With COVID-19 came a reliance on the digital world. As the world returns to a new normal, ReachDeck helps organisations to ensure their digital presence is inclusive to all people. It helps them to make digital information accessible and usable by all and supports them to maintain accessibility standards.
• Equal opportunity:

  Equal opportunity

  ReachDeck is a digital inclusion software. It helps organisations do their part in improving the digital world, and making it more inclusive of everyone. A digital world that's inclusive is one where all people have equal access to online information and services.
• Wellbeing:

  Wellbeing

  ReachDeck contributes towards a digital world where everyone can use and access content and services without barriers. It supports a digital world where everyone feels included and can browse and buy independently.

Pricing

• Price: £3,295 to £50,769 a licence
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: We can provide a free 30 day trial of ReachDeck.; ; You can test the full ReachDeck package across your entire website.
• Link to free trial: https://www.texthelp.com/en-gb/products/reachdeck/try-reachdeck/

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at p.fox@texthelp.com. Tell them what format you need. It will help if you say what assistive technology you use.